BIOS password policies

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi everybody,

I'm looking for a security solution to prevent users to boot up their
computers from other removable media like floppys, CD-Roms etc.

Had anyone a good experience with setting up BIOS security policies in
corporate environment with many hundreds computers?

Quoted text here. Click to load it
computer has no effect because it will be known to everyone in the
company in one week.

How is it manageable to set up a unique password per computer?

Re: BIOS password policies

Quoted text here. Click to load it

    Use the computer's serial number or MAC adress, for example, and
generate a key using those informations. This will allow you to generate
a key that is specific to the machine. From then on you can choose to
make it simple and select the first five (or more) odd characters from
the serial number or you can create a small app that will calculate a

    Taking a simple approach like the odd characters has the advantage
of letting you find the key without searching where the #@#! paper is
since all you need is the serial number that is always with the machine.
The more complicated key will mean that you have to have the list of
keys with you but you'll have less chance of someone guessing your

With 1234-FHIJK-56LMN7P8Q I generated a series of keys
Q8P74321 - easy
13FIK6M7 - still easy
2874HMLI - a bit harder
FUYK45HO - No chance unless you have enough known keys and good guys at

    My 2 cents

Les gens sans humour manquent de sérieux.

Re: BIOS password policies wrote:
Quoted text here. Click to load it

If they cannot reach the hardware except keyboard and mouse: a simple BIOS
password will do (together with a reliable OS and no administrative rights).

If not: forget that.

"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
                   Wolfgang Clement am 10.10.05 als Noch-Superminister

Re: BIOS password policies

Volker Birk wrote:

Quoted text here. Click to load it

If I were you I would tackle the social issue of the bios password
becoming known through out the company with in a week. There's really
no reason why you should give this out to a standard user within your
organisation with the exception of areas where support staff cannot

If this is an imposibility I would look at using a machines serial
numner, audit number or computer name to generate random passwords.
This could be done with a simple formula.

IT Consultancy=20

Site Timeline